Malware may take control of a data processing system by altering how control flows in software that is executing on the data processing system. In recent years, control-flow integrity (CFI) hardware mechanisms have been developed to combat malware. For example, software on a data processing system may use the CFI hardware to make sure that control flow has not been altered during execution. CFI hardware may ensure that a control transfer instruction or statement and the corresponding target have the matching tags, for instance.
To take advantage of CFI hardware, software may need to be rewritten, recompiled, or otherwise modified, for instance to incorporate new instructions that invoke the CFI hardware support. However, it may take considerable time and human effort for the developer of the software to modify the software to incorporate CFI features.
Additionally, such modifications may be inadequate to address all control-flow risks, particularly when different types of software are used together. For example, when an untrusted software component is linked with a managed runtime, there is a risk that the untrusted software component will invoke code of the managed runtime that is not supposed to be invoked by the untrusted software component.